System and method for verifying physical proximity to a network device

ABSTRACT

Systems and methods for verifying physical proximity to a network device are provided. The method includes acquiring a tag identifier from a tag fixed in, on, or proximal to a network device, using a computing device. The tag is configured to be read and written to by electronic communication with the computing device, when the computing device is disposed in proximity to the tag. The method further includes transmitting data indicative of the tag identifier to a server, and receiving an authorization confirmation from the server. The method also includes rewriting the tag so as to replace the tag identifier with a new tag identifier, using the computing device, and performing one or more operations with the network device after receiving the authorization.

TECHNICAL FIELD

The present disclosure relates generally to systems and methods fordetermining physical proximity to a device including, withoutlimitation, a printing device.

BACKGROUND

Many different types of devices may be remotely accessible over anetwork, regardless of physical proximity; however, it may be useful todetect or otherwise ensure physical proximity of a user to the devicebeing accessed. One example of such an application is in a printingdevice. Detecting physical proximity can be combined with traditionalphysical access controls (locks, area monitoring, etc.). Thus, forexample, a user standing in front of a multi-function device (MFD) maybe allowed to scan from the MFD to a mobile device over a networkconnection, but users who are remotely located may not be permitted todo so. Moreover, some printer functions may require a print job to bereleased, with the intent being to provide the document to the user upondemand when the user is physically proximal to the printer.

However, such physical proximity detection systems are prone to defeatby a user causing the system to erroneously believe that the user is inphysical proximity to the device. For example, if the proof of proximityis static, it may be replayed or reused after an initial access by aphysically proximal user. One way this is avoided is by displaying adynamic access code, which a user must enter on a device to ensureproximity. Another way is to display a two-dimensional glyph or otherimage, which may be captured by a camera of the remote device. In eithercase, the captured code/glyph may be forwarded to the server, whichresponds by determining that the code/glyph is correct and thenauthorizing the mobile device.

Generally, such codes are displayed on a screen associated with thedevice; however, some devices lack a screen capable of displaying suchcodes and, moreover, may not prevent a physically proximal user fromrelaying the code to a remote user. Furthermore, using a camera of amobile device may be inconvenient and cumbersome to adequately capturethe code, and may require mobile devices with sufficient capabilities toperform, display, and transmit such glyphs or two-dimensional codes.Moreover, some locations may completely prohibit use of cameras, videos,etc., rendering this physical proximity detection technique unusable.

SUMMARY

Embodiments of the disclosure may provide a method for verifyingphysical proximity to a network device. The method includes acquiring atag identifier from a tag fixed in, on, or proximal to a network device,using a computing device. The tag is configured to be read and writtento by electronic communication with the computing device, when thecomputing device is disposed in physical proximity to the tag. Themethod further includes transmitting data indicative of the tagidentifier to a server, and receiving an authorization confirmation fromthe server. The method also includes rewriting the tag so as to replacethe tag identifier with a new tag identifier, using the computingdevice, and performing one or more operations with the network deviceafter receiving the authorization.

Embodiments of the disclosure may also provide a method for verifyingphysical proximity to a network device. The method includes associatinga network device with a tag identifier of a tag fixed to, in, orproximal to the network device. The tag is readable and writable usingelectronic communication with a computing device located in physicalproximity to the tag. The method also includes receiving anauthorization request from the computing device, the authorizationrequest including data indicative of an acquired tag identifier, anddetermining that the acquired tag identifier matches the tag identifierassociated with the network device. The method further includes, inresponse to determining that the acquired tag identifier matches the tagidentifier, causing the computing device to rewrite the tag so as tosubstitute the tag identifier with a new tag identifier.

Embodiments of the disclosure may further provide a system. The systemincludes a network device, and a tag that is readable and writeable byelectronic communication with a computing device positioned in physicalproximity to the tag, the tag being fixed in a location in, on, orproximal to the network device and being configured to store a tagidentifier. The system also includes a server coupled to the networkdevice. The server includes one or more processors and one or morecomputer-readable storing instructions that, when executed by at leastone of the one or more processors, are configured to cause the server toperform operations. The operations include associating the networkdevice with the tag identifier, and receiving an authorization requestfrom the computing device. The authorization request includes dataindicative of an acquired tag identifier. The operations further includedetermining that the acquired tag identifier matches the tag identifierof the network device, and, in response to determining that the acquiredtag identifier matches the tag identifier, causing the computing deviceto rewrite the tag so as to substitute the tag identifier with a new tagidentifier.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawing, which is incorporated in and constitutes apart of this specification, illustrates an embodiment of the presentteachings and together with the description, serves to explain theprinciples of the present teachings.

FIG. 1 illustrates a schematic view of a network system, according to anembodiment.

FIG. 2 illustrates a flowchart of a method for verifying physicalproximity, according to an embodiment.

FIG. 3 illustrates a flowchart of another method for verifying physicalproximity, according to an embodiment.

FIG. 4 illustrates a schematic view of a processor system, according toan embodiment.

It should be noted that some details of the figure have been simplifiedand are drawn to facilitate understanding of the embodiments rather thanto maintain strict structural accuracy, detail, and scale.

DETAILED DESCRIPTION

Reference will now be made in detail to embodiments of the presentteachings, examples of which are illustrated in the accompanyingdrawing. In the drawings, like reference numerals have been usedthroughout to designate identical elements. In the followingdescription, reference is made to the accompanying drawing that forms apart thereof, and in which is shown by way of illustration a specificexemplary embodiment in which the present teachings may be practiced.The following description is, therefore, merely exemplary.

FIG. 1 illustrates a network system 100, according to an embodiment. Thenetwork system 100 (hereinafter, “system 100”) generally includes anetwork device 102, a server 104, and a network 106 linking the networkdevice 102 to the server 104, thereby allowing data transmissiontherebetween. In an embodiment, the network device 102 may be a printingdevice, such as a multi-function device (MFD), as are known in the art.In other embodiments, the network device 102 may be any other type ofcomputing device that may be connected to the network 106, such as acomputer terminal, kiosk, or any other like device. The server 104 maybe representative of one or more processors, memory storage units, etc.configured to provide one or more computing systems, which may bearranged in any suitable configuration. Additionally, in at least oneembodiment, the network device 102 may provide the server 104 or one ormore functions thereof, as discussed below, which may potentiallyobviate a need for the network 106 in this regard.

Further, the network 106 may be any suitable type of network, forexample, including wireless data transfer. Examples of such networks mayinclude wireless Ethernet, Global System for Mobile Communications(GSM), Enhanced Data rates for GSM Evolution (EDGE), Universal MobileTelecommunications System (UMTS), Worldwide Interoperability forMicrowave Access (WiMAX), Long Term Evolution (LTE), etc. Further, thenetwork 106 may include a wired communications network using anysuitable transmission protocol, structure, type of wire/fiber, etc.

The network device 102 may be configured to transmit data to the network106 via connection line 108 and receive data therefrom via connectionline 110. Similarly, the server 104 may be configured to transmit datato the network 106 via connection line 112 and to receive data therefromvia connection line 114.

The system 100 may also include a tag 116, which may be fixed on, in, orproximal to (e.g., within a line of sight) to the network device 102.For example, the tag 116 may be mounted to a wall next to the networkdevice 102 and secured thereto using an enclosure constructed from asuitably rugged material that may avoid substantial interference withelectrical, optical, sound, or other types of communication, as will beappreciated from the details of the functioning of the tag 116 providedbelow. In some embodiments, the tag 116 may be disposed within a casingof the network device 102, glued, fastened, or otherwise secureddirectly to the network device 102 and/or disposed internally thereto.

The tag 116 may be any suitable device capable of active or passiveshort range communication. Further, the tag 116 may be capable of being“read,” e.g., either actively or passively providing a digitalidentifier, referred to herein as a “tag identifier” to a deviceequipped with appropriate reading hardware. Further, the tag 116 may becapable of being “rewritten” such that the tag identifier is changed.Such rewriting may include deleting and replacing an old tag identifier,overwriting an old tag identifier, or any other process of changing thetag identifier. Furthermore, “rewriting” does not necessarily requiringa complete substitution of information stored in the tag 116, but mayresult in a partial substitution thereof. In some cases, the tagidentifier may be encrypted, such that the tag 116 may be read and/orrewritten without the device that is reading/rewriting having access tothe unencrypted tag identifier. In a specific example, the tag 116 maybe a near field communication (NFC) tag, such as an unpowered,rewritable radio-frequency identification (RFID) tag, or any othersuitable device. Such NFC tags may require close proximity for effectivereading, for example, within about 10 meters, about 5 meters, about 1meter, about 50 centimeters, about 10 centimeters, about 1 centimeter,or the like.

Accordingly, the network device 102 and the tag 116 may be located in anarea 118. The area 118 may be representative of any or a portion of anyarea of physical proximity to the network device 102. For example, thearea 118 may represent part of a printing area or room in a building,but other areas may be employed without departing from the scope of thepresent disclosure. The server 104 may located in or, as shown, outsideof the area 118. The area 118 may be defined, for example, according tothe effective range of communication with the tag 116, described above.The area 118 may be generally circular in some cases, may be affected bystructures that interrupt or interfere with wireless electricalcommunication and/or the like. Accordingly, as it relates to the tag116, “physical proximity” may refer to the effective range of the tag116 for communication, i.e., the size of the area 118. Furthermore, insome instances, the size of the area 118 may be configurable, e.g., byselecting a particular tag 116 with a desired effective range orotherwise altering or configuring the effective range of a single tag116.

A computing device 120 may communicate with the network device 102, thetag 116, and/or the server 104, for example, when brought into the area118. A “computing device” may be any combination of hardware andsoftware, capable of supporting the functionalities and dataprocessing/transmitting techniques discussed herein, at least. Further,such computing device 120 may be commercially-available operable for ahost of other functions, or may be a special-purpose device tailored foruse in the system 100. In at least one embodiment, the computing device120 may be a mobile device, as shown. As used herein, the term “mobiledevice” may refer to any type of mobile or standalone device. Forexample, the computing device 120 may be provided by one or more of amobile phone, a tablet device, a notebook device, a personal dataassistant (PDA), or the like.

In an embodiment, the computing device 120 may connect to the network106 to effect such communication with the server 104 and/or the networkdevice 102; accordingly, the computing device 120 may transmit data tothe network 106 via a data connection 122 and receive data therefrom viaa data connection 124. For example, the data connections 124, 126 mayrepresent a wireless connection, a USB connection, an Ethernetconnection, and/or the like. Furthermore, the network 106 may representtwo or more linked networks, e.g., a network provided by a commercialdata provider (e.g., a cellular provider), from which communications arerouted to the server 104 on a local network. Through the connection 124,126 with the network 106, the computing device 120 may be able toreceive data from the network device 102. In another embodiment, thecomputing device 120 may be directly connected to the network device102, for example, via a USB connection, Ethernet, Bluetooth, or anothertype of connection.

The computing device 120 may receive images of scanned documents, printjob status, transaction information, or any other data from the networkdevice 102. Moreover, the computing device 120 may be configured totransmit instructions to the network device 102, such as commanding thenetwork device 102 to perform operations, e.g., printing, scanning,copying, emailing, faxing, document editing, transacting, otherprocessing actions, and/or the like.

The computing device 120 may also be configured to communicate with thetag 116. As shown, the computing device 120 may be configured to readinformation from the tag 116, as depicted by communication line 128, andto write information to the tag 116, as depicted by communication line130. For example, the computing device 120 may include a radio-frequencyinitiator, which may energize the tag 116 and allow communicationtherewith. In one example, the computing device 120 may be configured toacquire a tag identifier by reading the tag 116. Further, reading thetag 116 may provide connection information to establish (“bootstrap”) afaster, direct data transmission link between the computing device 120and the network device 102 (e.g., initiating a Bluetooth pairing).Further, the computing device 120 may be configured to rewrite the tag116, so as to, for example, change the tag identifier.

FIG. 2 illustrates a method 200 for verifying physical proximity, e.g.,of the computing device 120 to the network device 102, according to anembodiment. In at least one embodiment, the method 200 may be carriedout by the computing device 120 executing specialized software loadedonto the computing device 120, commonly referred to as an “app”(application). In another embodiment, the computing device 120 may allowa user to manually enter commands to carry out the method 200.

The method 200 may include the computing device 120 reading the tag 116,for example, at least acquiring a tag identifier from the tag 116, as at202. The tag 116, as noted above, may be fixed on, in, or proximal tothe network device 102. To acquire the tag identifier at 202, thecomputing device 120 may be brought into the area 118, and an RFinitiator activated to excite the tag 116 and begin communicationtherewith.

The tag 116 may then transmit the tag identifier to the computing device120. In some cases, the tag identifier may be encrypted, such that thecomputing device 120 does not have access to the unencrypted tagidentifier. In other cases, the tag identifier may be unencrypted, ordecodable by the computing device 120.

Further, the computing device 120 may acquire other information from thetag 116. For example, the tag 116 may contain a unique identifier of thenetwork device 102 (e.g., serial number, network address, an arbitrarilyassigned number, etc.). The tag 116 may also or instead includeinstructions for establishing direct communication with the networkdevice 102, instructions for sending an authorization request (e.g.,including the network address of the server 104), and/or the like.

Upon receipt of the tag identifier, the computing device 120 may proceedto transmitting data indicative of the tag identifier to the server 104,as at 204, for example, by communication therewith through the network106. The computing device 120 may also transmit information identifyingthe computing device 120 and/or information associated with a particularuser thereof. As such, the transmission may indicate to the server 104the identity of the user associated with the computing device 120, forexample, to indicate a level of authorization delegated to the user.

The computing device 120 may then wait, as the server 104 determineswhether the tag identifier is correct and then provides the appropriateauthorization or unlock command to the network device 102. In anembodiment, upon authorization, the computing device 120 may receive anauthorization confirmation including a new tag identifier from theserver 104, as at 206. The new tag identifier may be encrypted,non-encrypted, or encrypted and decodable by the computing device 120.Further, the authorization confirmation may be received directly fromthe server 104 via the network 106, but in other embodiments, the server104 may communicate the authorization to the network device 102, whichmay then communicate the authorization confirmation to the computingdevice 120. In some embodiments, however, the computing device 120 mayinstead select the new tag identifier, and transmit the new tagidentifier to the server 104.

The method 200 may then proceed to the computing device 120 rewritingthe tag 116 with the new tag identifier, as at 208. Before or after suchrewriting, the network device 102 may be unlocked and/or readied for useby the user of the computing device 120 or any other user. One, some, orall of the functions of the network device 102, the components thereof,and/or the computing device 120 may be unlocked by the network device102, the server 104, and/or the computing device 120, in response to thecomputing device 120 transmitting the correct tag identification.

Accordingly, with the proper authorization received and functionsunlocked, the user may cause the network device 102 to performoperations and/or may receive data from the network device 102, as at210. In some embodiments, the computing device 120 may be used to sendcommands to the network device 102 and receive information thereof. Inother embodiments, the commands may be entered by a user, for example,using buttons, a keyboard, a touchscreen display, etc. of the networkdevice 102. In at least one specific embodiment, the user may cause thenetwork device 102 to scan a document, either using the computing device120 to send a command or by inputting the command directly into thenetwork device 102, or another device, with the data resulting from thescanned document being transmitted to the computing device 120 or toanother location, e.g. another location on the network 106. In anotherembodiment, the user may cause the network device 102 to release a printjob, such that the print job, previously sent from, for example, aworkstation in another area of a facility (e.g., office), may then beprinted while the user is in proximity to the network device 102.

Accordingly, it will be seen that authorization, commands, and data maybe transferred, with it assured that the user of the computing device120 is in close proximity to the tag 116, which has a limited range tothe area 118. Furthermore, the network device 102, in variousembodiments, may not need to be equipped with hardware configured toenable communication (e.g., writing, rewriting) the tag 116, as suchreading and rewriting may be performed by the computing device 120.

FIG. 3 illustrates a flowchart of a method 300 for verifying physicalproximity of a user of the computing device 120 to the network device102, for example, using the server 104, according to an embodiment. Inat least one embodiment, the server 104 implementing the method 300 mayinteract with the computing device 120 implementing the method 200discussed and described above, such that the methods 200, 300 may bepart of an overall method for verifying physical proximity of a user ofthe computing device 120 to the network device 102.

The method 300 may begin by providing an initial set up or“registration” of the tag 116 and the network device 102. Accordingly,as mentioned above, a tag 116 with a unique (or at least reasonablyunique) identifier may be fixed in, on, or proximal to the networkdevice 102. The network device 102 may also have a unique identifier,such as a serial number. Accordingly, the server 104 may associate thenetwork device 102 with the tag identifier, as at 302. In at least oneexample, the computing device 120 may be employed to provide suchregistration. Further, the server 104 may store the network deviceidentifier of the network device 102 in a database of identifiers, andthen associate the network device identifier of the network device 102with the tag identifier in the database. In at least one embodiment, thenetwork device 102 my submit its identifier (serial number) for example,through an extensibility application loaded on the network device 102. Avariety of other schemes and identifying information, such as a networkaddresses, etc. may be employed to allow a particular network device 102to be identified in a database of network devices 102, with serialnumber being just one among many. With the network device 102registered, the network device 102 may be configured to prevent accessto one or more services, e.g., locked down, unless and until an accessauthorization is granted by the server 104.

The method 300 may then proceed to “normal” use of the system 100, forexample, by the server 104 receiving an authorization request from thecomputing device 120, as at 304. As described above, the computingdevice 120 may read the tag 116, thereby acquiring the tag identifiertherefrom. The computing device 120 may then transmit data indicatingthe tag identifier to the server 104, e.g., via a wireless connectionover the network 106, in the form of the authorization request, whichthe server 104 receives.

The server 104 may then determine if the tag identifier matches the tagidentifier of the tag 116 fixed to the network device 102. In somecases, the authorization request may include both the identifier of thenetwork device 102 and the tag identifier of the tag 116 fixed thereto.In other cases, the number of possible tag identifiers may besufficiently large, that false matches of a tag identifier to the wrongnetwork device 102 may be unlikely, and thus the identifier of thenetwork device 102 may not be included in the authorization request.Additionally, in some embodiments, the access request may include anidentifier of the computing device and/or a user associated therewith,such that a particular level of access can be determined, for example,to determine whether unlock or lock certain (e.g., administrative)functions depending on the level of access granted to a particularindividual.

The method 300 may then proceed to the server 104 determining that theacquired tag identifier—received in the authorization request—matchesthe tag identifier of the tag 116 fixed to the network device 102, as at306. Accordingly, the server 104 may search the database linking thenetwork devices 102 to the tag identifiers and determine if the tagidentifier matches a network device. In embodiments where both a tagidentifier and an identifier of the network device 102 are provided,either may be used to search the database, and then determine if bothidentifiers match the stored information.

If the server 104 determines that the tag identifier is not a match, isnot in the database, or is otherwise incorrect, authorization may bewithheld and, for example, an error or access denied message may betransmitted to the computing device 120, the network device 102, orboth. On the other hand, if the server 104 determines that the tagidentifier is correct, the method 300 may proceed to associating thenetwork device 102 with a new tag identifier, as at 308, which mayproceed immediately after determining that the tag identifier sent withthe authorization request was a match at 306. Such associating may beaccomplished by updating the tag identifier associated with the networkdevice 102 in the database of tag identifiers.

The new tag identifier may be generated by the server 104 or by thecomputing device 120; however, the method 300 may include the server 104withholding authorization until after the new association is made at308. In an embodiment where the computing device 120 determines the newtag identifier, the computing device 120 may rewrite the tag 116 andtransmit the new tag identifier to the server 104.

The method 300 may then proceed to the server 104 transmitting anauthorization, as at 310. The authorization may be transmitted to thenetwork device 102, unlocking the network device 102 for use by the userof the computing device 120 e.g., by interaction with input devicescoupled with the network device 102, via the computing device 120,and/or the like. The authorization may also be transmitted to thecomputing device 120, notifying the computing device 120 that access isgranted. Further, in an embodiment where the server 104 determines thenew tag identifier, the authorization sent to the computing device 120may include the new tag identifier, which the computing device 120 mayuse to rewrite the tag 116. Receiving the authorization request and/orreceiving the new tag identifier may cause the computing device 120 torewrite the tag, so as to substitute the tag identifier with the new tagidentifier. In some cases, the authorization may also includeinstructions for execution by the computing device 120, which, whenexecuted, may cause the computing device 120 to conduct such rewriting;however, in others, one or more applications executing on the computingdevice 120 may provide such instructions.

Having rewritten the tag 116 with a new tag identifier and updated thedatabase of tag identifiers, the method 300 may proceed back to waitingfor the next authorization request. Accordingly, a given tag identifiermay be limited to a single use, with a new identifier being required foreach subsequent access to the network device 102.

Further, the network device 102, server 104, or both may monitor usageof the network device 102 and require new access authorizationperiodically, upon certain triggers, etc. For example, the networkdevice 102 may experience a period of inactivity, resulting in atimeout; after such a timeout, the network device 102 may return tolockdown, requiring a new access authorization from the server 104. Inanother embodiment, after certain operations are completed, the networkdevice 102 may return to a lockdown, for example, after a print job iscomplete. In still other embodiments, the network device 102, the server104, or both may receive a lockout request from the computing device120, e.g., when the user is done performing tasks using the networkdevice 102. The network device 102 may respond by locking itself down,or the server 104 may respond by instructing the network device 102 tolockdown. A variety of other lockdown triggers may be implemented tosuit various needs consistent with the present disclosure.

Accordingly, it will be seen that embodiments of the disclosure providea reliable proximity verification system for a network device, such as amulti-function printer. The tag 116 may undergo frequent read/rewriteoperations, such that a captured code is only useful, at best, until thenext lockdown trigger or the change of the tag identifier. Further, if atag is removed or stolen, the theft will be apparent as soon as anotheruser attempts to access the network device 102 and is unable to do so.

Moreover, embodiments of the system 100 and methods 200, 300 may be usedto implement a print job release, as mentioned above. In such cases, thecomputing device 120 may acquire the tag identifier and transmit it,along with credentials associated with the user of the computing device120 to the server 104 for validation. Accordingly, the user may not needto type in a personal identification number, password, or otheridentifying information, as this may be provided by the computing device120.

Embodiments of the disclosure may also include one or more processor(i.e., computing) systems which may be implemented by the system 100,portions thereof, or partially implemented one or more processorsystems. FIG. 4 illustrates a schematic view of such a processor system400, according to an embodiment. The network device 102, server 104, andcomputing device 120 may each include one or more instances of theprocessor system 400; however, in some embodiments, the network device102 and the server 104 may be provided by a single processor system 400or by a group of processor systems 400.

The processor system 400 may include one or more processors 402 ofvarying core (including multiple core) configurations and clockfrequencies. The one or more processors 402 may be operable to executeinstructions, apply logic, etc. It will be appreciated that thesefunctions may be provided by multiple processors or multiple cores on asingle chip operating in parallel and/or communicably linked together.In one embodiment, the system 100 may include a single processor 402configured to perform each function associated with the server 104 andnetwork device 102; however, in other embodiments, these may be each beassociated with one or more distinct processors 402. Similarly, thecomputing device 120 may be associated with one or more processors 402.

The processor system 400 may also include a memory system, which may beor include one or more memory devices and/or computer-readable media 404of varying physical dimensions, accessibility, storage capacities, etc.such as flash drives, hard drives, disks, random access memory, etc.,for storing data, such as images, files, and program instructions forexecution by the processor 402. In an embodiment, the computer-readablemedia 404 may store instructions that, when executed by the processor402, are configured to cause the processor system 400 to performoperations. For example, execution of such instructions may cause theprocessor system 400 to implement one or more portions and/orembodiments of the methods 200 and/or 300 described above.

The processor system 400 may also include one or more network interfaces408, which may, in an embodiment, carry out the communication betweenthe network device 102, computing device 120, and/or the server 104. Thenetwork interfaces 408 may include any hardware, applications, and/orother software. Accordingly, the network interfaces 408 may includeEthernet adapters, wireless transceivers, PCI interfaces, and/or serialnetwork components, for communicating over wired or wireless media usingprotocols, such as Ethernet, wireless Ethernet, etc.

The processor system 400 may further include one or more peripheralinterfaces 406, for communication with a display screen, projector,keyboards, mice, touchpads, sensors, other types of input and/or outputperipherals, and/or the like. In some implementations, the components ofprocessor system 400 need not be enclosed within a single enclosure oreven located in close proximity to one another, but in otherimplementations, the components and/or others may be provided in asingle enclosure.

The memory device 404 may be physically or logically arranged orconfigured to store data on one or more storage devices 410. The storagedevice 410 may include one or more file systems or databases in anysuitable format. The storage device 410 may also include one or moresoftware programs 412, which may contain interpretable or executableinstructions for performing one or more of the disclosed processes. Whenrequested by the processor 402, one or more of the software programs412, or a portion thereof, may be loaded from the storage devices 410 tothe memory devices 404 for execution by the processor 402.

Those skilled in the art will appreciate that the above-describedcomponentry is merely one example of a hardware configuration, as theprocessor system 400 may include any type of hardware components,including any necessary accompanying firmware or software, forperforming the disclosed implementations. The processor system 400 mayalso be implemented in part or in whole by electronic circuit componentsor processors, such as application-specific integrated circuits (ASICs)or field-programmable gate arrays (FPGAs).

The foregoing description of several possible embodiments has beenpresented for purposes of illustration only. It is not exhaustive anddoes not limit the present disclosure to the precise form disclosed.Those skilled in the art will appreciate from the foregoing descriptionthat modifications and variations are possible in light of the aboveteachings or may be acquired from practicing the disclosed embodiments.

For example, the same techniques described herein with reference to theprocessor system 400 may be used to execute programs according toinstructions received from another program or from another computingsystem altogether. Similarly, commands may be received, executed, andtheir output returned entirely within the processing and/or memory ofthe processor system 400. Accordingly, neither a visual interfacecommand terminal nor any terminal at all is strictly necessary forperforming the described embodiments.

Likewise, the steps described need not be performed in the same sequencediscussed or with the same degree of separation. Various steps may beomitted, repeated, combined, or divided, as necessary to achieve thesame or similar objectives or enhancements. Accordingly, the presentdisclosure is not limited to the above-described embodiments, butinstead is defined by the appended claims in light of their full scopeof equivalents.

While the present teachings have been illustrated with respect to one ormore implementations, alterations and/or modifications may be made tothe illustrated examples without departing from the spirit and scope ofthe appended claims. In addition, while a particular feature of thepresent teachings may have been disclosed with respect to only one ofseveral implementations, such feature may be combined with one or moreother features of the other implementations as may be desired andadvantageous for any given or particular function. Furthermore, to theextent that the terms “including,” “includes,” “having,” “has,” “with,”or variants thereof are used in either the detailed description and theclaims, such terms are intended to be inclusive in a manner similar tothe term “comprising.” Further, in the discussion and claims herein, theterm “about” indicates that the value listed may be somewhat altered, aslong as the alteration does not result in nonconformance of the processor structure to the illustrated embodiment.

Other embodiments of the present teachings will be apparent to thoseskilled in the art from consideration of the specification and practiceof the present teachings disclosed herein. It is intended that thespecification and examples be considered as exemplary only, with a truescope and spirit of the present teachings being indicated by thefollowing claims.

What is claimed is:
 1. A method for verifying physical proximity to anetwork device, comprising: acquiring a tag identifier from a tag fixedin, on, or proximal to a network device, using a computing device,wherein the tag is configured to be read and written to by electroniccommunication with the computing device, when the computing device isdisposed in physical proximity to the tag; transmitting data indicativeof the tag identifier to a server; receiving an authorizationconfirmation from the server; rewriting the tag so as to replace the tagidentifier with a new tag identifier, using the computing device; andperforming one or more operations with the network device afterreceiving the authorization.
 2. The method of claim 1, wherein acquiringthe tag identifier comprises bringing the computing device to an area ofphysical proximity to the tag, wherein the tag is a radio frequencyidentification tag configured for near-field communication.
 3. Themethod of claim 2, wherein the area of physical proximity is aneffective range of communication of the tag, a size of the area isconfigurable, or both.
 4. The method of claim 1, wherein the networkdevice provides the server.
 5. The method of claim 1, further comprisingreceiving the new tag identifier from the server.
 6. The method of claim1, further comprising: selecting a new tag identifier using thecomputing device; and transmitting data indicative of the new tagidentifier to the server.
 7. The method of claim 1, further comprising:acquiring a network device identifier using the computing device; andtransmitting the network device identifier to the server.
 8. The methodof claim 1, wherein the computing device is a mobile device.
 9. A methodfor verifying physical proximity to a network device, comprising:associating a network device with a tag identifier of a tag fixed to,in, or proximal to the network device, wherein the tag is readable andwritable using electronic communication with a computing device inphysical proximity to the tag; receiving an authorization request fromthe computing device, the authorization request comprising dataindicative of an acquired tag identifier; determining that the acquiredtag identifier matches the tag identifier associated with the networkdevice; and in response to determining that the acquired tag identifiermatches the tag identifier, causing the computing device to rewrite thetag so as to substitute the tag identifier with a new tag identifier.10. The method of claim 9, further comprising associating the networkdevice with the new tag identifier after determining that the acquiredtag identifier matches the tag identifier of the network device.
 11. Themethod of claim 10, wherein associating the network device with the newtag identifier occurs before transmitting the authorizationconfirmation.
 12. The method of claim 9, further comprising receivingthe new tag identifier from the computing device after transmitting theauthorization, wherein causing the computing device to rewrite the tagcomprises transmitting an authorization confirmation to the computingdevice.
 13. The method of claim 9, further comprising selecting the newtag identifier, wherein causing the computing device to rewrite the tagcomprises transmitting the new tag identifier to the computing device.14. The method of claim 13, further comprising transmitting instructionsto the computing device that, when executed, are configured to cause thecomputing device to rewrite the tag with the new tag identifier.
 15. Themethod of claim 9, wherein the tag comprises a near-field communicationtag.
 16. The method of claim 9, further comprising associating thenetwork device with a network device identifier, wherein: receiving theauthorization request further comprises receiving an acquired networkdevice identifier; and determining that the acquired tag identifiermatches the tag identifier of the network device further comprisesdetermining that the acquired network device identifier matches thenetwork device identifier that is associated with the network device.17. A system, comprising: a network device; a tag that is readable andwriteable by electronic communication with a computing device positionedin physical proximity to the tag, the tag being fixed in a location in,on, or proximal to the network device and being configured to store atag identifier; and a server coupled to the network device, wherein theserver comprises one or more processors and one or morecomputer-readable storing instructions that, when executed by at leastone of the one or more processors, are configured to cause the server toperform operations, the operations comprising: associating the networkdevice with the tag identifier; receiving an authorization request fromthe computing device, the authorization request comprising dataindicative of an acquired tag identifier; determining that the acquiredtag identifier matches the tag identifier of the network device; and inresponse to determining that the acquired tag identifier matches the tagidentifier, causing the computing device to rewrite the tag so as tosubstitute the tag identifier with a new tag identifier.
 18. The systemof claim 17, wherein the computing device comprises a mobile device andthe tag comprises a near-field communication tag.
 19. The system ofclaim 17, wherein the network device comprises a printing device. 20.The system of claim 17, wherein the operations further comprisetransmitting data indicative of the new tag identifier to the computingdevice.